[
https://issues.apache.org/jira/browse/NIFI-8692?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jul Tomten updated NIFI-8692:
-----------------------------
Description:
I'd like to have sensitive attributes on the flow files.
I need to store attributes
z_Password
z_JWT_Token
http.headers.Authorization (from HandleHttpRquest)
and general users shouldn't see these attribute values - instead the values
should be masked with asterisk '*'.
Only users with superadmin policy or policy.view.sensitive.attribute.<attribute
name> policy should be alllowed to view the sensitive attributes.
policy.view.sensitive.attribute.in.processgroup.<processgroup>
sensitive attributes could be configured per process group and then inherited
to sub process groups.
Maybe the other way around - all attributes are sensitive by default.
Users can only view attributes they have policy for.
polic.yview.sensitive.attribute.<regex_attribute name>
policy.view.ALL.sensitive.attributes
more thinking about this is needed.
good ideas are welcome.
was:
I'd like to have sensitive attributes on the flow files.
I need to store attributes
z_Password
z_JWT_Token
http.headers.Authorization (from HandleHttpRquest)
and general users shouldn't see these attribute values - instead the values
should be masekd with asterisk '*'.
Only users with superadmin policy or view.sensitive.attribute.<attribute name>
policy should be alllowed to view the sensitive attributes.
view.sensitive.attribute.in.processgroup.<processgroup>
sensitive attributes could be configured per process group and then inherited
to sub process groups.
> sensitive attributes
> --------------------
>
> Key: NIFI-8692
> URL: https://issues.apache.org/jira/browse/NIFI-8692
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
> Affects Versions: 1.13.2
> Reporter: Jul Tomten
> Priority: Major
>
> I'd like to have sensitive attributes on the flow files.
> I need to store attributes
> z_Password
> z_JWT_Token
> http.headers.Authorization (from HandleHttpRquest)
>
> and general users shouldn't see these attribute values - instead the values
> should be masked with asterisk '*'.
> Only users with superadmin policy or
> policy.view.sensitive.attribute.<attribute name> policy should be alllowed to
> view the sensitive attributes.
> policy.view.sensitive.attribute.in.processgroup.<processgroup>
> sensitive attributes could be configured per process group and then inherited
> to sub process groups.
>
> Maybe the other way around - all attributes are sensitive by default.
> Users can only view attributes they have policy for.
> polic.yview.sensitive.attribute.<regex_attribute name>
> policy.view.ALL.sensitive.attributes
> more thinking about this is needed.
> good ideas are welcome.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
